A CAN device is provided with an encryption function and a decryption function. The encryption function allows messages to be encrypted and put onto a CAN bus. The decryption function allows the messages on the CAN bus to be decrypted. The encryption and decryption functions share keys which change over the course of time.

A method may include allocating a number of public keys, where each respective public key is allocated to a respective entity of a number of entities; storing a number of private keys, where each respective private corresponds to a respective public key; storing one or more decryption algorithms, where each respective decryption algorithm is configured to decrypt data previously encrypted using at least one encryption algorithm of the encryption algorithms. Each respective encryption algorithm may be configured to encrypt data using at least one public key. Each respective decryption algorithm may be configured to decrypt data using at least one private key. The method may include receiving encrypted data, where the encrypted data is encrypted using a first public key and a first encryption algorithm, and the encrypted data is provided over a network.

The invention provides a computer-implemented method for configuring a node to join a distributed network such as a CBDC network that enables secure computations to be performed. The invention also provides a computer-implemented method for securely operating on data in a distributed network such as securely performing transactions in a CBDC network. The invention enables this by requiring nodes to perform network-related computations in a trusted execution environment (TEE) within the node processing capabilities. As the TEE is a separate execution environment from the main unsecure computational resources of the node, it is not possible for the unsecure node components to gain access to data relating to the computations. In this manner, secure operation on data is enabled without the significant increase in complexity associated with Zero Knowledge cryptography.

An anonymization system (100) for anonymizing data within an anonymization receiver (110) for use by a first user (112) and a second user (114). The anonymization system (100) includes an anonymizer (102) and a database (104). The database (104) that is configured to store at least one of (i) a first data that corresponds to the first user (112), and (ii) a second data that corresponds to the second user (114). The anonymizer (102) anonymizes at least one of the first data and the second data. The anonymizer (102) is configured to transfer anonymized data to the anonymization receiver (110). The anonymizer (102) is configured to generate an anonymizing identifier that is based on at least one of the first data and the second data. The anonymizer (102) is configured to generate a token that represents the anonymizing identifier.

A message processing request is received from a channel partner device, where the message processing request includes a ciphertext message encrypted in a trusted execution environment (TEE) of a service provider device based on a service processing request that includes a plaintext message of the ciphertext message, and where the service processing request requests at least a portion of the plaintext message to be sent to a target user. A first smart contract deployed in a blockchain of the blockchain network is invoked using a TEE of a blockchain node of a blockchain network. The ciphertext message is decrypted based on the first smart contract to obtain the plaintext message. The plaintext message is sent to an operator device to forward the at least a portion of the plaintext message to the target user.

The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicates information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.

Methods and systems for gateway agnostic tokenization are disclosed. Gateway agnostic tokenization enables a resource provider to quickly, safely, and efficiently route a token for authorization via any appropriate gateway computer. As part of an interaction with a user, a resource provider can transmit a token to an edge computer. The edge computer can then forward the token to a gateway computer. The gateway computer can identify a data item comprising two ciphertexts associated with the token. The edge computer and gateway computer can collectively decrypt the two ciphertexts to obtain a credential. The gateway computer can then forward the credential to an authorizing entity computer. The authorizing entity computer can then determine whether or not to authorize the interaction.

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

Novel tools and techniques might provide for implementing secure communications for IoT devices. In various embodiments, a gateway or computing device might provide connectivity between or amongst two or more Internet of Things (“IoT”) capable devices, by establishing an IoT protocol-based, autonomous machine-to-machine communication channel amongst the two or more IoT capable devices. For sensitive and/or private communications, the gateway or computing device might establish a secure off-the-record (“OTR”) communication session within the IoT protocol-based, autonomous machine-to-machine channel, thereby providing encrypted machine-to-machine communications amongst the two or more IoT capable devices, without any content of communications that are exchanged amongst the IoT capable devices over the secure OTR communication session being recorded or logged. In some cases, the secure OTR communication session utilizes cryptographic protocols including, without limitation, one or more of AES symmetric-key algorithm, Diffie-Hellman key exchange, SHA-1 hash function, forward secrecy, deniable authentication, malleable encryption, and/or the like.

A cryptographic anonymization method, apparatus, and system are disclosed. An example apparatus includes a server configured to receive encrypted usage information and an identifier from an application operating on a user terminal and trans-cypher the encrypted usage information from a first encryption scheme to a second encryption scheme to create second encrypted usage information without decrypting the encrypted usage information. The server is also configured to convert and encrypt the identifier to an encrypted unique identifier. The server is further configured to compare the second encrypted usage information to a taxonomy of data labels using rules. For each match of at least some of the second encrypted usage information to a data label, the server is configured to add the encrypted unique identifier to the matching data label. The server uses the data labels and/or the encrypted unique identifier for serving advertisements to the user.